MBs <i cuctcace l 


Cloudforce One 


Cloudflare Threat Intelligence and 


Stronger security and greater situational 
awareness for security teams 


Cloudforce One reduces security risk through a powerful 
package of security intelligence, tools, and operations to 
make SOC and security teams smarter, more responsive, 
and more secure. 


Threat research and briefings arm organizations 
with the latest insights on threat actors and TTPs 
targeting their industry. 

Unmatched, ready-to-consume threat intelligence 


feeds including domains, IPs, phishing sites, DNS Additionally, customers get access to multiple tools to 
records and more. solidify security and speed investigations: 
° Threat researchers ready to augment your team’s 
capability with custom RFIs for research on any e An automated, API-driven sinkhole service. 
threat. ° Cloudflare Security Center Investigate to query 
threat data on IPs, ASNs, URLs, and domains. 
Cloudforce One makes Cloudflare’s distinguished threat e Brand and phishing protection that notifies 
intelligence available to customers, to bolster SOC teams when important brand keywords or assets are 
and security postures. used in attack campaigns. 


Cloudforce One tiers 


Premier Core ENT Customers 
Threat briefings and insights 
Quarterly multi-industry threat briefings Y Y 
Early access to threat research reports Y 
Threat actor profiles Y 
Industry-specific briefings Y 
Threat data & intelligence 
New detections based on emerging threat intel/TTPs Y Y Y 
Open port data and banners Y 
Historical threat data available via API and Dashboard Unlimited 7 days 
Monthly API queries for threat intel data 50,000 2500 
Threat investigation portal Y Y 
Brand and phishing protection Advanced 
Sinkhole and honeypot API access 8 IPs 


Threat operations 


Requests for information (RFIs) 8* 2* 
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Cloudflare threat intelligence advantages 


Threat data at Cloudflare scale 
We offer differentiated threat intelligence because we 
analyze vast amounts of threat data nobody else has: 


e Upto 48 million HTTP requests per second at peak 
e 1.7+ trillion queries analyzed per day 
e ~8 billion preemptive attack campaign signals per day 


Exceptional threat researchers 

Cloudforce One is led by our world-class threat research 
team, with experience analyzing threats at nation-state 
scale. The team’s expertise spans threat research, 
malware/vulnerability research, and threat operations to 
disrupt threat actors. The team publishes briefings and 
reports and leads RFI processes for organizations seeking 
detail on threats targeting them and their industry. 


Streamlined integrations 

Our API-driven threat feeds easily integrate via STIX/TAXII 
into SOC workflows and security products like 
SIEM/SOAR, EDR/XDR, TIP platforms, firewalls, or security 


Converting data to intelligence with layered 


data/threat analysis models 


HTTP reverse proxy threat analysis 
Attack fingerprint analysis, application attack 
detections, machine learning models, DDoS 
analysis, bot detections, TLS certificate 
monitoring. 


DNS Analysis 

DGA domain detection, DNS tunneling, newly 
seen/registered domains, brand protection 
computer vision. 


Threat and infrastructure analysis 

28 ML models including: malicious email 
content/attachments, credential harvesting 
sites, phishing website/spoofed domain 
detection, sender reputation model, BEC, 
malware hosting sites, IP classification, etc. 


analytics. Our threat intelligence automatically protects 


Cloudflare customers, automatically fed into our Zero 
Trust suite, Magic Firewall, WAF and API Gateway. 
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More agile SOC analysts 


Security analysts gain greater 
context and actionable 
information to speed 
investigations. Cloudforce One 
provides visibility into threats via 
research that prioritizes important 
TTPs, threat experts on call to 
assist and our Threat 
Investigation Portal to provide 
instant context on current and 
historical threat data like IPs, 
ASNs, URLs and domains. 
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More effective security teams 


Teams charged with bolstering 
the effectiveness of 
organizational security postures 
benefit from actionable threat 
feeds that are easily 
operationalized with direct 
STIX/TAXII integrations into 
security tools, to block more 
threats outright. 


Tools like phishing protections, 
brand protection and sinkholes 
also help deliver a more effective 
security posture. 
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More confident CISOs 


Security leaders reduce 
security risk through new 
intelligence that keeps 
organizations safer. With 
security postures more 
effective at stopping threats 
before they do damage, CISOs 
will respond to fewer large 
security incidents. Additionally, 
they will maximize investments 
in security tools by arming 
them with distinguished threat 
intelligence feeds. 


` 


L OM _REV:PMM-SEPT2022 


